1. Information We Collect

We collect the following types of information:

Account data: Email address, display name, and authentication provider (Google, Email/Password)
Usage data: Search queries, investigation activity, feature usage, and page views
User-generated content: Labels, annotations, saved searches, bookmarks, and investigations
Technical data: IP address (for rate limiting and abuse prevention), browser type, and device information

2. Information We Do NOT Collect

We do not collect or store private keys, seed phrases, or wallet passwords
We do not collect financial account information (bank accounts, credit card numbers are processed by Stripe)
We do not track users across other websites

3. How We Use Your Information

To provide and improve the Service
To enforce rate limits and prevent abuse
To send important account notifications (security alerts, billing updates)
To provide customer support
To generate anonymous, aggregated analytics about Service usage

4. Blockchain Data

ChainGraph indexes publicly available blockchain data. This data is inherently public — anyone can access it through blockchain nodes. We do not consider blockchain addresses or transaction data to be personal information, as they are pseudonymous public records. However, user-applied labels that link blockchain addresses to real-world identities are treated as sensitive user-generated content and subject to visibility controls.

5. Data Sharing

We do not sell your personal data. We may share data with:

Service providers: Firebase (authentication), Stripe (payments), Hetzner (infrastructure)
Legal requirements: When required by law, court order, or governmental regulation
Team members: Data you explicitly share with your team within the platform

6. Data Retention

Account data is retained while your account is active. After account deletion, we retain anonymized usage data for analytics. User-generated content (labels, investigations) is permanently deleted within 30 days of account deletion. Blockchain data (public records) is retained indefinitely as it is publicly available information.

7. Your Rights (GDPR)

If you are in the EU/EEA, you have the following rights:

Access: Request a copy of your personal data via Settings > Privacy > Export Data
Rectification: Update your information in Settings
Erasure: Delete your account and all associated data via Settings > Privacy > Delete Account
Portability: Export your data in JSON format
Objection: Object to processing by contacting us

8. Cookies

We use essential cookies for authentication (session token) and preferences. We use Google Analytics for anonymous usage tracking. You can disable non-essential cookies through your browser settings. The session cookie is set on .chain-graph.com and is required for the Service to function.

9. Security

We implement industry-standard security measures including encrypted connections (TLS), secure authentication (Firebase + RS256 JWT), parameterized database queries, read-only enforcement on user-generated queries, and tenant isolation on all data access. Infrastructure is hosted on dedicated hardware with firewall and intrusion prevention.

10. Contact

For privacy inquiries, data requests, or complaints, contact us at [email protected].

Privacy Policy